2014-01-02 - TWO MORE EXAMPLES: FIESTA EK AND NEUTRINO EK TRAFFIC

Quick post for PCAPs and malware on two different infections...

 

EXAMPLE 1 - FIESTA EK TRAFFIC

ASSOCIATED DOMAINS:

HTTP REQUESTS:

ARTIFACTS FROM THE PCAP:

MALWARE:

FILES:

 

EXAMPLE 2 - NEUTRINO EK TRAFFIC

ASSOCIATED DOMAINS:

HTTP REQUESTS:

ARTIFACTS FROM EXPLOIT DOMAIN IN THE PCAP:

MALWARE:

FILES:

The ZIP files are password-protected with the standard password for this sort of thing. If you don't know what it is, email admin@malware-traffic-analysis.net and ask for it.
